work_with_openshift

[namloc2001]

Hi, I've been reworking this chart to function in an OpenShift cluster. The changes look to do a number of things:

• Auto-create SCCs for postgreSQL and SonarQube (equiv to nonroot)
• Split the init-sysctl container into a job and provide it with serviceAccount and access to a "stripped-down" privileged SCC

I've got it working on my cluster with:

helm install <release_name> . --set serviceAccount.create=true,postgresql.serviceAccount.enabled=true,OpenShift.enabled=true,OpenShift.createSCC=true,initSysctl.serviceAccount.create=true

This uses a key in values.yaml (OpenShift.enabled) to assert whether OpenShift SCC resources need to be created.

I've also:

• exposed some additional postgreSQL keys in values.yaml
• added an initContainer to monitor postgreSQL is up before starting SonarQube.

Just wanted to see if there is any interest in this, and any validation you'd like to apply. My only concern at the moment is that the job to perform the systctl changes will happen once on the worker node this is deployed to, but then wouldn't happen again if the sonarqube pod was recreated on a new worker node. I think a daemonset could be used to apply the sysctl command to all/specific labelled worker nodes.

[namloc2001]

Please see #214 instead.